ACMEAccount.get_request check status code value lower boundary (#63140)

* check status code value lower boundary

Any HTTP status code below 200 cannot be considered a success and should be
handled as a failure instead.

This is particularly true for below zero status codes.

Fixes #63139

* provide changelog fragment

* ensure connection errors are handled in Acme module

* add fetch_url check to ACME.send_signed_request

* remove module.fail_json

* move _assert_fetch_url_success out of ACMEAccount

* fix ansible-lint errors

* use simplified syntax status checking
pull/63140/merge
Edoardo T 5 years ago committed by Felix Fontein
parent c782831dd7
commit 0d905a0496

@ -0,0 +1,2 @@
bugfixes:
- "ACME modules: make sure some connection errors are handled properly"

@ -428,6 +428,16 @@ def _sign_request_cryptography(module, payload64, protected64, key_data):
} }
def _assert_fetch_url_success(response, info, allow_redirect=False, allow_client_error=True, allow_server_error=True):
if info['status'] < 0:
raise ModuleFailException(msg="Failure downloading %s, %s" % (info['url'], info['msg']))
if (300 <= info['status'] < 400 and not allow_redirect) or \
(400 <= info['status'] < 500 and not allow_client_error) or \
(info['status'] >= 500 and not allow_server_error):
raise ModuleFailException("ACME request failed: CODE: {0} MGS: {1} RESULT: {2}".format(info['status'], info['msg'], response))
class ACMEDirectory(object): class ACMEDirectory(object):
''' '''
The ACME server directory. Gives access to the available resources, The ACME server directory. Gives access to the available resources,
@ -588,6 +598,7 @@ class ACMEAccount(object):
'Content-Type': 'application/jose+json', 'Content-Type': 'application/jose+json',
} }
resp, info = fetch_url(self.module, url, data=data, headers=headers, method='POST') resp, info = fetch_url(self.module, url, data=data, headers=headers, method='POST')
_assert_fetch_url_success(resp, info)
result = {} result = {}
try: try:
content = resp.read() content = resp.read()
@ -636,6 +647,8 @@ class ACMEAccount(object):
# Perform unauthenticated GET # Perform unauthenticated GET
resp, info = fetch_url(self.module, uri, method='GET', headers=headers) resp, info = fetch_url(self.module, uri, method='GET', headers=headers)
_assert_fetch_url_success(resp, info)
try: try:
content = resp.read() content = resp.read()
except AttributeError: except AttributeError:
@ -655,7 +668,7 @@ class ACMEAccount(object):
else: else:
result = content result = content
if fail_on_error and info['status'] >= 400: if fail_on_error and (info['status'] < 200 or info['status'] >= 400):
raise ModuleFailException("ACME request failed: CODE: {0} RESULT: {1}".format(info['status'], result)) raise ModuleFailException("ACME request failed: CODE: {0} RESULT: {1}".format(info['status'], result))
return result, info return result, info
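Review bot: In `_assert_fetch_url_success`, the second `raise` formats `response` itself into `RESULT:`, but both call sites pass the object returned by `fetch_url` (they go on to call `resp.read()`, and the `except AttributeError` in the GET path suggests it can be `None`), so the message will carry an object repr or `None` rather than the server's error body; the label is also misspelled `MGS`. I would drop that field or pass the decoded body instead, e.g. `raise ModuleFailException("ACME request failed: CODE: {0} MSG: {1}".format(info['status'], info['msg']))`. The helper's only low-end check is `info['status'] < 0`, so in the signed POST path a status in 0–199 is still not treated as a failure, unlike the `info['status'] < 200` test added to `get_request`. If that is deliberate, a short docstring on the helper saying what it rejects and what the three `allow_*` flags mean would make the contract clear. Both enclosing methods continue outside the hunks shown.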
